- Knowledge Base
- Product News
- Release notes
-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
-
Dashboard
Release notes 2022-03-07
Improved control for exploitation to avoid potential harm running network scans
Network scans perform a set of different vulnerability tests when scanning network asset hosts. Some of these tests are harmless and some can have a negative impact when scanning certain devices which can be considered sensitive. In order to be able to customize what kind of tests network scans should include, we have added a new option to easily do this.
The new scan configuration option (Exploitation) in network scan profiles can be used to check for active exploiting. This setting is by default turned off.
How to work with these new settings
Potential vulnerabilities options added for better control
Network vulnerabilities are identified using the vulnerability tests that Security Center provides to prove that a vulnerability exists. These vulnerability tests perform different actions in order to provide a high level of confidence that a vulnerability actually exists on the scanned target.
In certain vulnerability tests, the accuracy is lower due to reasons depending on the scanned target, such as the collected information within the scan. This kind of vulnerability with lower accuracy is referred to as potential vulnerability.
Within this release, we have made it possible to manage and distinguish potential vulnerabilities when overviewing your vulnerabilities and filtering among them. In a network scan profile, you can enable/disable the inclusion of potential vulnerabilities in scans.
How to work with these new settings
Additional fields for CSV export
Scan and reports support being exported of the result to CSV file format (comma separated values) where it can be further processed outside of Security Center. To enable more use cases from the CSV file format, we have added additional fields for ignored vulnerabilities:
- Ignored vulnerability
- Ignored comment
- Reason for being ignored
- Ignored expiry date (until date)
Expanding languages for awareness training
Phishing & Awareness Training comes with default templates for both phishing assessments and awareness training. In this release, we are coming out with new languages supported for our video awareness templates that are by default available in Security Center. The new languages are:
- Danish
- Norwegian
English, Dutch and Swedish languages are already available in Security Center. These new languages bring the total supported languages to a total of five.
Get started using these new languages
Other improvements
- Bruteforce actions are now carried out properly in scans where it has been activated in the scan profile for network scans.
- Solved an issue with single sign-on being reset when editing the Security Center account.
- Actions on scans, such as start or pause, will now be handled faster as a part of our improvements to the scan engine controllers.